iMac, Three years of AppleCare Red Tape & No Solution In Sight

April 2009 - Present
In April of 2009, after receiving a bonus from my employer (I work as a Graphic Designer), I decided to invest in my career with an Apple iMac. I ordered a custom configuration which included an advanced graphics card, a larger hard-drive (1 TB), 4GB of memory and the ever important Apple Care Protection Plan; in total, I spent around $4000. It took a while to receive my new 24” iMac, but it finally came in June 2009.

I installed my software and began to take on more freelance design work. Within a week, my mouse began to move erratically at times and my files didn’t always open in the same state as when I had last saved them – I decided that the best thing to do would be to reinstall the Operating System. The same things continued to happen, and so, within a week and a half of receiving my new iMac, I erased the HD (secure-erase, writing zeros) and reinstalled the OS. Unfortunately for me, this was only the first of a plethora of attempts to secure my system.

I began by following the guidelines in the Apple Security Configuration guide and purchasing the book Mac OS Support Essentials v.10.6; and more recently, the book for OS 10.7, Lion. I learned as much as humanly possible about how to control local access; I found that after a clean install I am always a member of the “staff” group; not the “admin” group; and I am the only user on my computer.

When I read the Apple Pro Training Series, OS X Lion Support Essentials (Apple Certification exam preparation for: Apple Certified Support Professional 10.7), it states the following:

From page 61, "Administrative users aren't much different from regular users, save for one important distinction: Administrators are part of the 'admin' group and are allowed full access to almost all applications, preferences, and most system files... Because administrative access is required to make changes to the system, this is the default account type for the initial account created when Lion is set up for the first time with the Setup Assistant."

Upon speaking with several AppleCare advisors recently, I've been told that this is "normal"; I have been unable to locate any documentation by Apple or anyone else, for that matter, to support this; I have asked for a knowledge base article regarding this, but was told by the last AppleCare representative I spoke with, Eric, that he "didn't have anything like that."

I wrote in my first letter to Apple, "the firewall is enabled, sharing of all types are disabled and all of the Internet Access types are set to 'Inactive'. Updates are important, so I manually download those from another computer, verify the integrity of the download and install from a DVD."

The steps I took did not solve my problems, however; I continued to experience the depreciation of my permissions and a resulting inability to repair them; printers being added (seen in the log), new users appearing in the Accounts area, and much more that made it impossible to complete projects. I continued to troubleshoot unsuccessfully – which led me to an erase and reinstall once again.

At one point in November and December of 2010, I became unable to start my computer or boot from a startup DVD. I called AppleCare and explained to the representative that I had reinstalled my OS several times – at least 20; I also explained about the certificates and servers found on my computer. He setup an appointment with the Genius bar at the Apple Retail Store. The solution by the Apple Genius I worked with was to replace the HD. I asked about the underlying problems I had been experiencing, but I was told that a new HD might solve all of my problems.

Upon returning home, I started up successfully and began my Security Configuration. Suddenly, my screen went blue, so I shut the system down. Upon restarting (I put the startup DVD into the disk drive), a firmware password was requested – I but I never set one. When all is said and done, I received two new Hard Drives, a new Optical Drive and no solution to my problem; in addition, I had no longer permission to use my external backup drive.

In October 2011, I called Apple Care and spoke to "John", who after reading my logs, confirmed that someone was accessing my system. He admitted that he was surprised and that this issue is not common, but said he would submit all of the information to the Engineering department for them to look over. He also sent me a “Capture” application, which gathers all of the system information and logs and bundles the information for review by Apple, which I promptly emailed back to him.

While I waited for a response, I read more articles about Mac OS X. I came to the conclusion that with no Internet Connection active and no sharing enabled, it had to be the hardware. I keep a copy of my System Profile (taken before bringing my computer into the local store) on my iPhone for my reference and for learning purposes; to be honest, I've been consumed by trying to find a solution to my problem. I love to work, and not being able to has been financially and emotionally straining.

I found 2 Ethernet Cards connected via the “bus: PCI”; there definitely should only have been a single card. After speaking with Apple multiple times and sending many logs and system configurations to them for review, I find it very difficult to understand how it took so long to resolve my issue; in addition, that I, the customer, had to be the one to find the problem.

After over a week awaiting a response from Engineering, I wrote a letter of complaint pointing out the faulty system configuration and mailed it to Mr. Tim Cook, Apple's CEO. I received a call shortly thereafter and was informed that my system would be replaced with the base model 27" iMac (mid-2011). The following is what has happened since I received the new iMac, which I sincerely hoped would be a resolution to my problems; however, I am no closer to a resolution now as I was in 2009 or 2010.

November 2, 2011 - I started up my new system and began to run the security commands copied and pasted from the Security Configuration Guide found on Apple's website; I received a number of errors. Then I noticed a large eject icon on the upper menu bar on the right side of the screen. I began a Software Update, and was surprised to see that "Remote Desktop Client" listed; I know that it is not a standard part of the OS X Lion installation, so to get some assistance, I called AppleCare, but not before leaving a message with "Heather", who contacted me to assist in resolving my last letter of complaint.

When I spoke with AppleCare, I spoke with "Missy", who agreed that the Remote Desktop Client update didn't seem right; she advised me to do a 7-pass erase and to call her back the next day so she could walk me through installing and further troubleshooting.

Missy, unfortunately, was taken off of my case by Heather, who called me back on November 3 and told me that "Scott" would handle it; I told her I wanted to speak with Missy - that she was doing a good job and I wanted to follow-up as we had planned, but she said she arranged for me to talk to Scott... so I begrudgingly waited as I held the line. Scott informed me that I "shouldn't have to use Apple's Security Configuration guide." I tried to go through the installation guide with him - I had questions about it, but he said that he didn't have time to go through the installation log, and, if I had any more specific problems to contact AppleCare.

I spoke with Heather again shortly thereafter and told her that Scott had not been helpful; I really would like to conclude with Missy if at all possible. Heather said that it sounded as if I was concerned about someone "intruding onto my system", and if that was the case, there was nothing Apple could do for me but I should "contact my local law enforcement".

If the new system that I received had not come with Remote Desktop Client already installed, in addition to having AppleCare (Missy) attempt to assist me, I may have more readily understood her position. November 7, 2011 - was working on a website I was designing, and when I tried to save the file, I got a window that I did not have permission to do so. I repaired the permissions via Disk Utility, but I still could not alleviate the error I was getting. I tried to restart to the Recovery Partition, but pressing the command + r keys during startup, but the recovery partition never appeared.

November 8, 2011 - spoke with "Ivan" at AppleCare who advised me to do an Internet Recovery by pressing command + option + r. It worked, and he then advised me to repartition to one partition and reinstall. I continued to experience permissions problems and ended up reinstalling (as advised) a fourth, fifth and sixth time.

November 11, 2011 - I spoke with "Michael" at AppleCare when I was unable to install onto my HD, I received a "prohibited" symbol when starting up.

November 12, 2011 - I arrived at the Apple Retail Store for my scheduled appointment at 1:30 PM. The associate who checked me in said that my appointment had been scheduled for 1:20, but if I could wait they might fit me in. A little after 2PM, "Stephen" from the Genius Bar confidently informed me that he could "fix my problem". In target disk mode he booted to a Snow Leopard system; seeing this, I said, "you know that my system shipped with Lion, right?" He said, "yes". Suddenly I heard Stephen say, "do your thing..."

I looked at the screen and recognized that he had, in fact, installed Snow Leopard. I told him, now for the second time, that my system shipped with Lion - why was I looking at Snow Leopard? He responded that it shipped to the store with Snow Leopard and that he wanted to get it back to its "base system". He suggested I do a software update, and again, Remote Desktop Client was a recommended install; when I questioned this, he said that the update didn't indicate that the program was actually installed, but that it had to be there in case I ever needed it (didn't seem to make any sense to me, but at this point, I was questioning his knowledge).

He walked into the back, and an error message appeared - saying that it was unable to successfully install the updates. At this point, I was very frustrated - a typical rule of thumb is never to install an older Operating System than the one the computer had initially; upon his return several minutes later, told him that I wanted to finish up at home. I grabbed my iMac and as I turned to walk out of the store he said, "well, everything looks fine!"

That evening I left a message and sent an email to "Michael", the advisor who setup the appointment. Then I called AppleCare and spoke to "Sam". When I tried to login, my password no longer worked. Sam walked me through starting up in Single-User mode and changing my password, and then he advised me to upgrade to Lion, which worked out because I had purchased it for my previous system. He also advised me to speak to Michael the next time he was available to follow up. When I started up in Lion the display flickered unpredictably and, when restarting, whatever Preferences I set would revert back to the initial settings. I started up to the Recovery Partition, but when I tried to securely erase, the progress bar went from start to finish in a few seconds, and then the Disk Utility would close on its own.

November 16, 2011 - Michael called and left a message that he wanted to ship me a Lion recovery USB for me to try. When I called him back I let him know that when the Secure Erase wouldn't work in the Disk Utility, that I opened Terminal to try it from there; but upon entering "diskutil list", the system showed 12 disks attached to my computer (not partitions, but disks, some with multiple partitions of their own), which I could not unmount because the system returned that they were "busy". I also tried to force unmount, which appeared successful, but upon entering the initial list command, the 12 disks persisted.

November 18, 2011 - After receiving the recovery key, I tried to startup to the drive and was unable to do so; I was unable to proceed with an erase or install, either. Michael said that because of the trouble I had at the retail store, he would schedule an in home repair and the technician would replace my HD on site. Before we ended the call, he mentioned that he needed my Apple ID and password, that the installation required such information; I said that was not the case, of that I was certain, and that he did not need nor would I be giving my password to anyone. He explained that Lion was new to him and didn't mention it again.

November 22, 2011 - The service technician arrived at my home at 6 PM and installed my new HD on site. To ensure it worked properly he installed Lion as well; everything seemed to work well initially.

January 16, 2012 - I ran into Permissions problems and couldn't delete files from my desktop. I booted to the Recovery Partition, and after trying to erase and reinstall multiple times with no success, in addition to the inability to securely erase or unmount the multiple disks from my system, "Glen", from AppleCare scheduled another appointment at the Genius Bar. He suggested that I may need a new HD, in all likelihood; he also said he would like me to follow up with him in the future (after the repair) with any additional problems I might have.

January 17, 2011 - went through troubleshooting and then dropped off my iMac at the retail store; the person with whom I left it with said that they would be replacing the HD.

January 18, 2011 - I received a voicemail from the Retail store saying that my computer was ready for pickup. When I arrived at the store, they gave me a receipt to sign saying that Lion had been reinstalled; when I asked if the problems had been resolved with just an installation, the associate I spoke with said that they had been resolved. Finding what the associate said extremely hard to believe, I asked to verify this before leaving the shop. When I started up, everything was as it was the day before; multiple disks, no ability to perform a secure erase. I then asked the associate why he wasted my time when it wasn't fixed? In short, I left it there, once again, for repair.

January 24, 2011 - I picked up my computer; the HD had been replaced. January 25, 2011 - I sent Glen a follow-up email about some issues I was still encountering: still a member of the staff group (as the only user on the system) and multiple certificates being pushed to my keychain, and even after deleting, they reappeared. I did a Capture Data and sent it to Glen. Shortly thereafter I received a voicemail from him saying that, in order to troubleshoot, he wanted to remotely connect to my computer.

To be frank, I was uncomfortable with this; as far as troubleshooting goes, there is nothing that he would have been unable to walk me through himself; in addition, the Capture Data should have pointed to whatever problems were presenting themselves. I decided against it, and after he called a few times with no answer, I stopped hearing from him. In mid-February I decided I had to keep working until the system wouldn't allow me to do so anymore; I didn't, at that point, see any other option as my clients were growing increasingly impatient.

]On February 26, my password stopped working again.

February 26, 2012 - I called AppleCare and spoke with a senior advisor, "Sterling". At this point, I still had 12 disks attached to my system and which I could not unmount, in addition to not being able to securely erase my 1 TB hard drive. He said he wanted to ship me a new USB; I informed him that I already had one, but he said that this was different; with this USB, there would only be Lion installed, no recovery partition, which may solve the permissions problems. I found this odd, and even now, I cannot find any knowledge base article on such a version of Lion, but nonetheless, I received the new USB. After I received it I ignored it - I, at this point and well before, am completely overwhelmed and frustrated by the lack of assistance and clarity in the process of using a workable iMac. Finally, because of clients calling and lack of income, I tried to make it work.

March 12, 2012 - I started up via the USB shipped to me by Sterling. I was still unable to securely erase or unmount the 12 disks which appear attached to my system somehow. In addition, I am unable to Repair the Disk; when I press "Repair Disk" in the Disk Utility, nothing happens. I noticed some strange things in the installation log, so while in Recovery mode, I attempted to connect to a known wireless network in order to send the log to Apple; but after entering the network password a window popped up also asking for the "login keychain password".

I called AppleCare and spoke with Senior Advisor "Romaine". After explaining what was going on, he mentioned the Capture Data program, so I forwarded him the previous capture data information along with all of the photos I has previously sent to other advisors. He assured me that my case was a top priority and that the Engineering Department would look at it as soon as possible; he would call me with the results within a day or two.

]March 13, 2012 - I didn't receive a call, but an email from Romaine, stating the following: "Allison I have received a response from the engineers they have reviewed the screen shots and the capture data log. They stated that the partitions that you are seeing are part of the recovery partition and are ok. They did not see any failures with the erase and would like you to continue with the installation."

I was very upset upon reading this; I know from experience that it takes significantly longer to do a seven-pass erase than it does to do a zero-pass erase, in fact, roughly 18 hours longer, and I am certain that it was definitely not being executed as it should have been. In addition, the 12 disks I saw were definitely not partitions, but separate disks, some with partitions of their own. During the past few years I have had to go through these multiple problems, and I have educated myself. I've thoroughly studied the book "Apple Pro Training Series, OS X Lion Support Essentials" in addition to reading many of the articles in the Apple Developer Center; the misleading even inaccurate information being given to me in the name of the AppleCare Protection plan which I purchased in good faith has left me very upset and frustrated; I can't help but feel betrayed at this point.

I responded to his email, as quoted below:
"Your response is not accurate - if it was I could do a secure erase - I AM UNABLE TO DO SO. I AM UNABLE TO REPAIR THE DISK. I AM UNABLE TO REMOVE THE KEYCHAINS FROM THE DRIVE. I am having the same issues which have rendered my system unusable - you are refusing to help me AND knowingly giving me inaccurate information; I'll site the information from the Apple Pro Training Series book "OS X Lion Essentials" for reference in my upcoming letter. I'll have to send another Certified Letter to the Administration at Apple to get help with this; I'll be sure you receive a copy."

After taking some time to think about the situation and what I wrote to Romaine, I decided that it isn't necessary to send Apple Inc. copy from a book the company is itself responsible for producing; however, the information is available, and in addition, I believe that if AppleCare Advisors need to be educated about the OS Lion and Macintosh Systems, it is not my responsibility, but the responsibility of those who employ him. On the evening of March 13 I spoke with "Mike" at Apple Care about these same issues. He told me to "ignore" the disks, simply repartition the drive and reinstall Lion. I have screen shots documenting everything I've described, and have sent them to each Advisor I've spoken with, when relevant.

March 30, 2012 - I wrote another letter and sent it by mail to Tim Cook, CEO and another to the Board of Directors. I also emailed Mr. Cook and Mr. Bob Mansfield , the VP of Operations,. I received a response, but it is just more of the same.

April 4, 2012 - I received a call from "Joslin" in Executive Relations: She said she was assigned to my case because of my email (not sure which one & I didn't ask). She also said that she would schedule a call with an advisor the next day. April 5, 2012 - I received a call from Technical Advisor "Jared": I sent him screen shots via email, and as advised, started up doing an Internet Recovery. I noted that my cursor was moving on its own, and Jared advised me to plug the USB into the computer; cursor still moved unpredictably I repartitioned to 1 Partition, naming it Macintosh HD, and he then mentioned that we would not do a "Secure Erase" (which I said was a significant issue in my letter of complaint). He advised me to reinstall Lion, and when completed, to call him to follow-up. At 5:40 PM, I spoke again with Jared: I started up & he asked if I saw the disks in the Disk Utility; I told him again, as was stated in my letter, that the disks were hidden and only appeared in the recovery partition. I asked him why I was a member of the "staff" group, to which he replied that as an admin, I should be a member of the staff group (with no other accounts on the system).

I asked him about the certificates and ubiquity keys that were once pushed to my login keychain but now appear in the "System" keychain; he said that was normal; I asked again why these untrusted certificated should appear here, and why, in the same operating system a few months ago, these similarly untrusted certificates and keys appeared in my "login" keychain - he just said he didn't know about them appearing in different locations but that those "untrusted" certificates were normal.

He ignored my problem with the multiple mounted disks and the inability to securely erase; he acted like it didn't matter and skipped it. I told him that I was tired of being lied to - that I wasn't an idiot, and hung up. I shouldn't have done it, but the emotional and financial toll have become overwhelming.

April 6, 2012 - I called Joslin in the morning - the person handling the case in Executive Relations: She said that she spoke with Jared and he said it didn't go well She said she was happy to set me up with another call, but she was worried that if I was given the same tech support solution I wouldn't be satisfied... was that, in fact, the case?

I explained that the main problems that I described in my letter to Apple referenced the inability to properly use Disk Utility to securely erase, and for some reason, time and time again, I was told to repartition as a solution, but the disk images appearing on my drive remained because I do not have the option of actually erasing anything. That whole complaint was ignored - as if getting to the desktop meant that my system was functioning properly. I even reminded her that one of the first questions she asked me was, "have you securely erased the drive?"; no, you didn't have to be a tech genius to know that securely erasing the drive was built into the utility for a reason and that if I am unable to do that, my system is not functioning as Apple intended. She said she understood and would schedule an appointment with another advisor the following day, April 7th.

I left the house and upon returning noticed that Joslin had left a few voicemails; I missed a call she scheduled for noon that day and then received another message that she scheduled another call for 11 AM on April 7, 2012. I called Joslin back at 3:45 PM confirming the appointment with tech support the following day at 11 AM via voicemail.

April 7, 2012 - received the scheduled call from "Eric": He advised me to start up via the Internet Recovery option. I asked if I could record the conversation. He said, "they don't allow us to do that". In the meantime, I mentioned that I was a member of the "staff" group; he asked where I was seeing that information and I sent him a screen shot via email. He told me that as an Admin user, he was a member of staff, so I quoted the paragraph on Administrators from the Apple Pro Training Series, "OS X Lion Support Essentials", which is also the Certification Exam Preparation for "Apple Certified Support Professional 10.7" I said, "I'm reading from page 61, "Administrative users aren't much different from regular users, save for one important distinction: Administrators are part of the 'admin' group and are allowed full access to almost all applications, preferences, and most system files... Because administrative access is required to make changes to the system, this is the default account type for the initial account created when Lion is set up for the first time with the Setup Assistant.""

I asked him if the book was wrong, and he said that it seemed that it was... He also mentioned escalating the issue to engineering, which sounded preposterous, considering the simplicity of the subject matter and the quote I just read him - written in an Apple Certification book; I asked him again, so is the book wrong or are the advisors I've spoken with wrong? He answered by saying that he was looking at 2 computers, for which he was Admin, and said he was a member of "staff". I told him I should probably contact the publisher. I wanted to take the Apple Certification exam myself, and if the book is wrong, there are a lot of people being misinformed.

He didn't respond about the book, so I asked him what steps to take next to troubleshoot my system; he suggested that I repartition to 1 partition before trying to securely erase, which I did. He asked if I had anything connected to my computer after he looked at the screen shot with all of the attached disks; I said no. He said he had never seen anything like that before.

I asked what would we do if after the erase the disk images were still present - and he said we would troubleshoot and find out why they were there and how to remove them at that time, if that is the case after the secure erase. Even though I took the same steps I've taken in the past, the process of Securely Erasing was successful.

Unfortunately the attached disks are still attached to my system; when I spoke with Eric today, he said that Engineering reported that these disks were entirely normal; although, I probably wouldn't find any documentation on this, as it's something new.

Now, after all of the troubleshooting, I can't help but come back to what led me to discover the additional Ethernet card - with only a wired Ethernet Connection active and no sharing enabled, is it, in fact, an issue of hardware again? If so, will I be able to solve it again, on my own? I haven't been able to, yet. I've spent three years struggling to complete my work - all because the system I purchased will not function and no one at AppleCare has genuinely tried to resolve my issues.

Here is a plan. When you buy a computer don't start off by installing scripts that you read about in books! If your system came with 2 Ethernet cards...so what? If they aren't connected to anything..doesn't matter how many are in your system. From what I've ad of your extremely long post, it seems that you have started off by changing the system configuration.
As to your user account, if you just set up the one account when you originally start the computer it will be in the administrator group by default unless you change that during setup.
I have read the Essentials book you have referenced, but have found most of what it says is NOT essential. I have five Macs in my home and I just use common sense when I set them up, ensure each is backed up and updated regularly. Have had no major problems even with 2 teens in the house.

When trying to erase, I'm booting to the recovery partition. As far as being a member of the staff group - I am not a member of the admin group at all... which seems ti be why I'm running into all the permissions problems over and over.

Security conf guid just tries to unload alriport and Bluetooth kexts.. Not much more than that...

Does anyone else have physical access to your iMac? Anyone at all? It's incredulous to believe that you wiped your drive clean; reinstalled OS X from scratch; and it was hacked off the bat, even while offline. Repeatedly, no less. At least I think that's what I gathered from some of that. Unless you have dodgy software that you are installing. There are trojans that masquerade as desirable apps on piracy websites. Barring something you are doing extremely wrong, or something you unwittingly keep re-downloading/reinstalling, this has to be the result of someone with physical access to your iMac.

To verify that your account is not part of the admin group, you would need to look at your GUID for the account. As I have stated earlier. You can be a member of multiple account, this is standard in any version of unix. What you are most likely seeing it the secondary group along with your UID of 501.

Life isn't about waiting for the storm to pass, It's about learning to dance in the rain!

Its been over a year since I first posted this, and up until now ive been struggling to find an answer to what could be creating the issues I've been experiencing.

The USB that Apple shipped me has a "Server Essentials" package and thanks to a program I found, called Pacifict, I was able to create a BOM listing and I took a bunch of photos with my phone. Please look at this here: Flickr: alisonsusanne's Photostream

My question is - what in the world do I do now? I have managed permissions - but managed by whom and why?

I have news for you, Lion has Remote Desktop built in. Every iMac in the last few years has 2 network cards. An Ethernet and a WiFi (Airport) card. Why is that an issue?

Also like was suggest above, stop reading security books. I go to thousands of sites a day and do all sorts of stuff and never have had issues. Why are you doing all this? Most of your issues are caused by all the things you are messing with reading that paper or book.

I know that it is easy to not look at the photos I posted and be dismissive of what I am saying - I never said anything about Remote Desktop being installed - I know it is a standard part of the OS X Lion install; what I have a problem with is that after a clean install my GiD is 20; and while you accuse me of being the reason for the issues I am having, I have to inform you that the last time I lost the permission to use terminal and see the top processes, in addition to being unable to open my documents folder, the ONLY program I was using was Illustrator to edit a wedding invitation.

Blame me all you want. I know that in 9 out of 10 cases user error is to blame; it is not the case here. When programs are installed while you are using Photoshop - only photoshop with no online connection - using sudo from an "unknown TTY" according to console (I keep it open), something is wrong. Finding out what it is has taken time, but I am not am ignorant user - of that, I can assure you.

Additionally, why don't you read the post before you respond next time. The details can make you look like a jerk every time.